Prevent hard check on token expiration when calling token refresh endpoint #102
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The refresh endpoint shouldn't have a hard check on token expiration since we're allowing for tokens to be refreshed beyond the expiration up to a given delta. The current functionality prevents a refresh from ever occurring, causing the refresh endpoint to also respond with a 401, thus ending the user's session.
This fix bubbles
verify_exp=False
from the refresh serializer down tojwt_decode
to prevent it from raising anExpiredSignature
exception when attempting to refresh an otherwise valid token, as allowed by the settings.Fixes #25